Open Source Firmware in the Bare-Metal Cloud

Security

Traditional cloud computing services utilize virtualization to abstract a physical server's hardware and firmware details. In a bare-metal cloud, users have direct access to the hardware, and to the firmware that runs on the hardware. It is thus in the interest of bare-metal cloud providers to control the firmware running on the servers, rather than to rely on proprietary, black-box firmware. This presentation will look at the challenges involved in replacing vendor-supplied firmware with open source alternatives such as OpenBMC and TianoCore. It will discuss approaches taken to reverse engineer BMC firmware image formats from multiple server vendors, and will also discuss tools created to extract device tree and sensor details from the images to accelerate OpenBMC porting. It will also look at security considerations such as firmware signature verification and real-time modification detection. Examples will be provided based both on work completed and work in progress at Packet Labs, the research and development division of Packet.
